CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2024-54170	IBM EntireX denial of service Description: IBM EntireX 11.1 could allow a local user to cause a denial of service due to use of a regular expression with an inefficient complexity that consumes excessive CPU cycles. CVSS: MEDIUM (5.5) EPSS Score: 0.01% Source: CVE February 27th, 2025 (4 months ago)
CVE-2024-54169	IBM EntireX path traversal Description: IBM EntireX 11.1 could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. CVSS: MEDIUM (6.5) EPSS Score: 0.04% Source: CVE February 27th, 2025 (4 months ago)
CVE-2024-13148	SQLi in Yukseloglu Filter's B2B Login Platform Description: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yukseloglu Filter B2B Login Platform allows SQL Injection.This issue affects B2B Login Platform: before 16.01.2025. CVSS: CRITICAL (9.8) EPSS Score: 0.04% SSVC Exploitation: none Source: CVE February 27th, 2025 (4 months ago)
	A Threat Actor is Selling Admin Access to OOS Software HRM Description: A Threat Actor is Selling Admin Access to OOS Software HRM Source: DarkWebInformer February 27th, 2025 (4 months ago)
	A Threat Actor Claims to be Selling Admin Access to BYD India Private Limited Description: A Threat Actor Claims to be Selling Admin Access to BYD India Private Limited Source: DarkWebInformer February 27th, 2025 (4 months ago)
	3 Things to Know About AI Data Poisoning Description: Data poisoning represents the next big existential cybersecurity threat — unless organizations can ensure their AI systems are safe and trustworthy. Source: Dark Reading February 27th, 2025 (4 months ago)
	Instagram 'Error' Turned Reels Into Neverending Scroll of Murder, Gore, and Violence Description: “Today’s algorithm showed me around 70 murders, 100+ accidents, and around 115 violence videos, is anyone on Instagram noticing it?” Source: 404 Media February 27th, 2025 (4 months ago)
	Chinese APT Uses VPN Bug to Exploit Worldwide OT Orgs Description: Companies critical to the aviation and aerospace supply chains didn't patch a known CVE, providing opportunity for foreign espionage. Source: Dark Reading February 27th, 2025 (4 months ago)
CVE-2025-27154	Spotipy's cache file, containing spotify auth token, is created with overly broad permissions Description: Spotipy is a lightweight Python library for the Spotify Web API. The `CacheHandler` class creates a cache file to store the auth token. Prior to version 2.25.1, the file created has `rw-r--r--` (644) permissions by default, when it could be locked down to `rw-------` (600) permissions. This leads to overly broad exposure of the spotify auth token. If this token can be read by an attacker (another user on the machine, or a process running as another user), it can be used to perform administrative actions on the Spotify account, depending on the scope granted to the token. Version 2.25.1 tightens the cache file permissions. CVSS: HIGH (8.4) EPSS Score: 0.01% Source: CVE February 27th, 2025 (4 months ago)
CVE-2024-9334	Information Disclosure in E-Kent's Pallium Vehicle Tracking Description: Use of Hard-coded Credentials, Storage of Sensitive Data in a Mechanism without Access Control vulnerability in E-Kent Pallium Vehicle Tracking allows Authentication Bypass.This issue affects Pallium Vehicle Tracking: before 17.10.2024. CVSS: HIGH (8.2) EPSS Score: 0.06% Source: CVE February 27th, 2025 (4 months ago)